You are provided with a list of objectives for this Battle Room. In order to complete these objectives, you will need the following information:
1) The user1 password is P@ssedU1
2) There is a link to the Q&A Portal on the desktop. View questions and submit answers in the portal.
3) There is a desktop shortcut to Autopsy. Additional forensic tools are in the C:\Utils directory.
4) For additional information on how to use Autopsy please reference: http://sleuthkit.org/autopsy/docs/user-docs/4.17.0/
5) The forensic image files have been imported into a Case File for you; it is located on the Desktop with the name ‘New Case’. Open Autopsy and use the ‘Open Case File’ option. Additional images are located in C:\Images if needed.
6) When ingesting the forensic images into Autopsy, it is recommended to run the following modules (they can also be found and run later from the Tools menu):
- Recent Activity
- File Type Identification
- Extension Mismatch Detector
- Embedded File Extractor
- Email Parser
- Central Repository
- PhotoRec Carver
- Data Source Integrity
7) You have 12 hours to complete this scenario.
Rules of Engagement:
Several components of the environment are directly related to objective detection and scoring. Therefore, they are considered OFF LIMITS! If these components are modified, your score may not register properly. PROCEED WITH CAUTION!
- The 10.0.0.0/24 and 10.1.0.0/24 networks
- The following logging services: auditd, syslog, nxlog, and Windows Event Viewer